IOT threats pwned

April 01, 2016

NEWORDER INDUSTRIES, a specialist information security company in South Africa, today announced a strategic partnership with international threat detection experts PWNIE EXPRESS to bring the Pwn Pulse network threat visibility solution to South Africa.

The arrival of Pwn Pulse in South Africa meets the growing need among local companies for full visibility of the network amid device sprawl and Internet of things (IOT) proliferation, says Marthinus Engelbrecht, CEO of NEWORDER INDUSTRIES.

As more users adopt technology in the workplace, growing numbers of employees will enter the workplace bearing connected devices that can make their work easier and more efficient, but these connected things are very difficult to control, Engelbrecht says. "Connected things bring numerous risks into the workplace that companies need to mitigate. IT executives need to change their mindsets about information security and act accordingly to address this imminent threat to business," he warns.

"Gartner forecasts that 4.9 billion connected things will be in use in 2015, up 30% from 2014, and will reach 25 billion by 2020. The Internet of Things (IOT)* has become a powerful force for business transformation, and its disruptive impact will be felt across all industries and all areas of society."

Engelbrecht explains that controlling the IOT environment is a challenge that has evolved from the BYOD and mobile management headache of years past. Simply managing and securing the mobile environment has proved beyond the abilities of many companies, he says, with extensive policies put in place, but no technology and action to support the paperwork. "BYOD has rapidly evolved into IOT, and presents some of the biggest challenges to network and data security, and will continue to do so for the foreseeable future. IOTT (the Internet of things threats) are growing on a daily basis."

Engelbrecht says organisations attempt to mitigate the risks by stepping up perimeter and end-point security, which leaves a large portion of the network unprotected. "We see growing numbers of purpose-built malicious hardware and applications targeting vulnerabilities in the corporate workplace. Take, for example, Raspberry Pi, which has become a useful tool for criminals: it is barely bigger than a matchbox, features USB ports and a local area network port, and can be programmed to do whatever it needs to do. It is worryingly easy to plant one within a corporate network, where it could remain undetected indefinitely."

Engelbrecht adds that extensive mobile security protocols don't stop a mobile device within the company from operating as an unsecured mobile hotspot, which could be compromised or infected, giving attackers a gateway to the enterprise and its systems. In addition, PWNIE EXPRESS's 2015 Report: "The Internet of Evil Things: The Rapidly Emerging Threat of High Risk Hardware" says malicious hardware is taking a backseat to IOT device threats such as unauthorised, accidental and otherwise misconfigured access points; BYOD and the personalisation of (formerly) corporate hardware; and insecure, misconfigured and vulnerable IOT devices. The report found that 86% of infosec professionals are concerned with connected device threats, with 55% already having witnessed an attack via wireless device, and 38% via a mobile device.

Despite this concern, 40% say their organisations are "unprepared" or "not prepared at all" to find connected device threats, while 37% can't even tell how many devices are connected to their networks. Seventy-one percent are concerned about devices in a default, misconfigured or vulnerable state, including devices with default passwords and "wide-open" settings, followed by unauthorised mobile devices, access points and wearables, and by corporate sponsored BYOD.

The arrival of Pwn Pulse in South Africa allows the IT security team to continuously detect rogue, misconfigured, and unauthorised wireless and wired devices on or around the network. It then audits and provides immediately actionable data that includes a comprehensive list of devices, behaviours, and even historical information; and allows the enterprise security team to track and disable devices from the network.

"Pwn Pulse gives you full visibility into the devices that are providing a path into your network," says Engelbrecht. "Brought to market as either a client-managed or SaaS solution, it enables centralised assessment of all your locations and automatically monitors, fingerprints, analyses, and alerts on the behaviours of any devices in main and branch offices, as well as in the field."

Described as the only solution available today to allow for real-time wireless and wired device detection, Pwn Pulse comes with broad-spectrum device visibility and awareness covering BYOx/mobile, wireless, Bluetooth, wired, and other network-enabled devices.

"Until now, there has been little to protect the corporate network between the perimeter and the endpoint in the new IOT environment. Pwn Pulse is a unique and highly specialised solution, and the only one of its kind in South Africa. Although it is a niche technology, it is priced within reach of even the mid to small business sector," says Engelbrecht.